Vulnerabilities > Archerirm > Archer > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-49209 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. | 4.3 |
2024-10-22 | CVE-2024-49210 | Cross-site Scripting vulnerability in Archerirm Archer Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. | 6.1 |
2024-10-22 | CVE-2024-49211 | Cross-site Scripting vulnerability in Archerirm Archer Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. | 6.1 |
2024-07-25 | CVE-2024-41705 | Cross-site Scripting vulnerability in Archerirm Archer A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. | 5.4 |
2024-07-25 | CVE-2024-41706 | Cross-site Scripting vulnerability in Archerirm Archer A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. | 5.4 |
2024-07-25 | CVE-2024-41707 | Cross-site Scripting vulnerability in Archerirm Archer An issue was discovered in Archer Platform 6 before 2024.06. | 5.4 |
2023-12-12 | CVE-2023-48642 | Cross-site Scripting vulnerability in Archerirm Archer Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. | 5.4 |
2023-10-17 | CVE-2023-45357 | Exposure of Resource to Wrong Sphere vulnerability in Archerirm Archer Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. | 6.5 |
2023-10-17 | CVE-2023-45358 | Cross-site Scripting vulnerability in Archerirm Archer Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. | 5.4 |
2023-07-14 | CVE-2023-32759 | Exposure of Resource to Wrong Sphere vulnerability in Archerirm Archer 6.10.0.3/6.3.0.0/6.9.3.4 An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | 6.5 |